Some visitors to the Xpress Web site this morning may have experienced unexpected results, including malware and/or virus notifications when visiting the site, www.mountainx.com.
Xpress staff detected a vulnerability in some third party software and immediately brought the site down. Xpress staff removed all malicious code and applied security updates for this software, and implemented a system for detecting future weaknesses before they become a problem.
Xpress appreciates your patience, and is happy to report that the site is better and safer than ever.
Thanks for reading through to the end…
We share your inclination to get the whole story. For the past 25 years, Xpress has been committed to in-depth, balanced reporting about the greater Asheville area. We want everyone to have access to our stories. That’s a big part of why we've never charged for the paper or put up a paywall.
We’re pretty sure that you know journalism faces big challenges these days. Advertising no longer pays the whole cost. Media outlets around the country are asking their readers to chip in. Xpress needs help, too. We hope you’ll consider signing up to be a member of Xpress. For as little as $5 a month — the cost of a craft beer or kombucha — you can help keep local journalism strong. It only takes a moment.
Can you please tell us how to get rid of the virus that infected our computers as a result of visiting your site?
Hi WebHelp,
If you visited mountainx.com Thursday morning and saw a virus warning you should still be fine as long as you didn’t download any file. To be sure, scan your computer for a file called “annonce.pdf”, if you locate this file on your computer delete it immediately. Do not open this file.
We believe we have identified the exploit. It appears that it is very new, and so details regarding it are scant right now. Internet security company McAfee has some information which you can view here.
We’re continuing to look into this and will post more information as we get it.
Thanks to everyone for their patience on this matter.
If you believe you were affected by this attack, we recommend you scan your computer for viruses and malware and remove any potential malware found. Remember to update your antivirus software prior to scanning, as we believe this is a very new piece of malware.
While we are not completely sure of the intent of our attackers, during our search for a cause we have found the following known flaw that affects current versions of Adobe Reader. It is difficult to know if this is a flaw that was attempted to be exploited, but it would be a good idea for people to follow the instructions found within the bulletin.
Adobe security bulletin – Protective measures are listed under the “Solution” heading.
We will continue to post information as we discover it.